diff --git a/data/templates/bookmarks.tpl.php b/data/templates/bookmarks.tpl.php
index a8299fd..dab2f37 100644
--- a/data/templates/bookmarks.tpl.php
+++ b/data/templates/bookmarks.tpl.php
@@ -199,7 +199,7 @@ if($currenttag!= '') {
 $brss = '';
 $size = count($rsschannels);
 for ($i = 0; $i < $size; $i++) {
- $brss = ''. $rsschannels[$i][0] .'';
+ $brss = ''. htmlspecialchars($rsschannels[$i][0]) .'';
 }
 $pagesBanner = '

'. $bfirst .' / '. $bprev .' / '. $bnext .' / '. $blast .' / '. sprintf(T_('Page %d of %d'), $page, $totalpages) ." ". $brss ."

\n";
@@ -352,7 +352,7 @@ if($currenttag!= '') {
 echo '
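Review bot: The added `htmlspecialchars($rsschannels[$i][0])` call inside the `for` loop relies on the default flags and charset, and on PHP before 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped. That is only safe if the value lands in element content or a double-quoted attribute; the markup inside the string literals is not visible in this rendering, so the quoting cannot be confirmed from here. Passing the arguments explicitly removes the dependency on runtime defaults: `htmlspecialchars($rsschannels[$i][0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (`ENT_SUBSTITUTE` needs PHP 5.4 or later). The same applies to `htmlspecialchars($row['shTerms'])` in the sidebar.block.search.php hunk.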
';;
- echo '\n";
+ echo '\n";
 if ($row['bDescription'] == '') {
 $bkDescription = $GLOBALS['blankDescription'];
 } else {
diff --git a/data/templates/sidebar.block.search.php b/data/templates/sidebar.block.search.php
index 64cb8ac..7efc935 100644
--- a/data/templates/sidebar.block.search.php
+++ b/data/templates/sidebar.block.search.php
@@ -18,8 +18,10 @@ if ($lastSearches && count($lastSearches) > 0) {
 ';
- echo '';
- echo $row['shTerms'];
+ echo '';
+ echo htmlspecialchars($row['shTerms']);
 echo '';
 echo ' ('.$row['shNbResults'].')';
 echo '';
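Review bot: `$row['shNbResults']` is still concatenated into the output unescaped on the context line `echo ' ('.$row['shNbResults'].')';`, directly after the newly escaped search term in the sidebar.block.search.php hunk. If that column is always an integer count, an explicit cast keeps the guarantee local to the template rather than depending on the storage layer: `echo ' ('.(int) $row['shNbResults'].')';`. The hunk header counts ten new-side lines, more than survive in this rendering, so whatever escaping was applied to the link target cannot be checked from here.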